Saving, using and collecting the register
The new requirements for personal data registers restrict where the register can be stored. Except in specific special cases, the register should be stored within the EU, and access to it should be limited even more strictly than before. In addition, the storage location needs to be safe and have proper information security. When choosing how to store the register, match the method of encryption to the size of the register: the GDPR is based on a principle of reasonableness, so small registers need not be excessively encrypted.
Below is a list of workable solutions, with the pros and cons of each.
Storage and use
- Shared encrypted file partition. An encrypted file created with a cryptographic program, for example VeraCrypt, using strong encryption. The file is opened with a password and, when opened, appears as a disk partition on the computer. The file can easily be shared through a cloud-based service like Google Drive or OneDrive, through which the association correspondent can control the user rights.
  - Pros: Good information security. You can store anything in the file partition, so you can keep the register in any format. Easy to implement.
  - Cons: Requires getting used to and some training for people not versed in tech.
- Shared Excel sheet. An Excel sheet can be shared through a cloud service if it is password-protected. As with the file partition, user control is done through the cloud service.
  - Pros: Very easy to implement and use. Extremely effective for small activities.
  - Cons: Restricted to one file format. Information security is not very high.
- Personal physical external storage server/hard drive, for example an association’s server. Linux-based user interface. A good choice if you have a server up and running and the association has knowledge of server upkeep. When saving the registers, you should ensure file integrity with RAID technology and backups. Connections to the server over the internet can nowadays be secured free of charge with Let's Encrypt certificates.
  - Pros: Enables very strong information security and direct communication between programs. User control is very versatile through the user interface. Enables automation services for registers.
  - Cons: Requires the most upkeep and administration. Requires a lot of practice to master if not versed in Linux. Requires a physical space and equipment for the association.
Electronic information collection
- G Suite. Paid service for companies by Google. The paid versions of the Google Forms and Drive services are accounted for under the GDPR through the Privacy Shield certificate.
  - Pros: A working, easy-to-use way to create signup sheets.
  - Cons: Costs 4 EUR a month in upkeep.
- Microsoft Forms through O365 offered by Aalto. N.B. Aalto has not officially answered whether this kind of use is covered by the user agreement. In use, it is the same as the Google Forms service. Set up by following the instructions found at https://it.aalto.fi/fi/ohjeet/onedrive-business-kayttoonotto
  - Pros: Free and handy to use.
  - Cons: The questionnaire creator must be an active student at Aalto. No official confirmation on user agreement yet.
- Private web page forms. Can be implemented through e.g. WordPress.
  - Pros: Free, very customizable through the platform.
  - Cons: Requires a lot of work to implement, considering all the options available.